Aruba Central Switch Configuration

Similar documents
Aruba Central Switch Configuration

Aruba Central Switch Configuration

Aruba Central Switch Configuration

August 2015 Aruba Central Getting Started Guide

Aruba VIA Windows Edition

Aruba Instant

Aruba Central Guest Access Application

Aruba Instant

Aruba Central. User Guide

Aruba Central. User Guide

MSP Solutions Guide. Version 1.0

Aruba Central. User Guide

Deploy APs in a Centralized Controller-Based Network

Aruba VIA Android Edition

Aruba VIA Windows Edition

Aruba Central Application Programming Interface

Aruba Central. User Guide

Aruba Networks and AirWave 8.2

AirWave Supported Infrastructure Devices

AirWave Supported Infrastructure Devices. Aruba Devices. ArubaOS. ArubaOS Clarity Synthetic. ArubaOS FIPS.

Peplink SD Switch User Manual

Aruba Central Instant Access Point Configuration

Peplink SD Switch User Manual. Published on October 25th, 2018

Aruba Central. 10:00 GMT 11:00 CEST 13:00 GST MAY 29th, Presenter: NITESH SINGLA

Aruba Central Access Points Configuration

Viewing Network Status, page 116. Configuring IPv4 or IPv6 Routing, page 116. Configuring the WAN, page 122. Configuring a VLAN, page 137

User Guide TL-R470T+/TL-R480T REV9.0.2

Aruba VIA for Mobility Master

AirWave Glass Installation and User Guide

Smart Install in LMS CHAPTER

Cisco Unified IP Phone Installation

Management and Configuration Guide for WB.15.16

AXIS Camera Station S20 Appliance Series AXIS Camera Station S2008 Appliance AXIS Camera Station S2016 Appliance AXIS Camera Station S2024 Appliance

HP Switch Software Management and Configuration Guide K/KA/KB.15.16

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide

Configuring Hybrid REAP

LevelOne. User Manual. WAP Mbps PoE Wireless AP V3.0.0

Chapter 3 Managing System Settings

HP Cloud-Managed Networking Solution Release Notes

Application Notes for Firetide Wireless Mesh Network with an Avaya IP Telephony Infrastructure - Issue 1.0

Oct 2007 Version 1.01

Management Software AT-S101. User s Guide. For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch. Version Rev.

vsphere Networking Update 1 ESXi 5.1 vcenter Server 5.1 vsphere 5.1 EN

Best Connectivity. 5-Port 10/100Mbps Desktop Switch with 4-Port PoE

About VLAN IEEE 802.1Q. Voice VLAN

Management and Configuration Guide WB.15.18

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

NXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/

LAPAC1200. AC1200 Dual Band Access Point. User's Guide

DWS-4000 Series DWL-3600AP DWL-6600AP

User Handbook. Switch Series. Default Login Details. Version 1.0 Edition

Configure Controller and AP Settings

HPE IMC BYOD WLAN 802.1X Authentication and Security Check Using inode Configuration Examples

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

WB xxxx Software Fix List

Aruba Instant. Validated Reference Design. Chapter 2 Branch Connectivity. Version Roopesh Pavithran Andrew Tanguay

Product features. Applications

User Guide LAPN300. Wireless-N300. Access Point with POE. Model # LAPN300

Wireless USB Port Multi-Functional Printer Server. Model # AMPS240W. User s Manual. Ver. 1A

Management and Configuration Guide WB.16.01

Configuration Guide. Wireless Controller AC50/AC REV 1.0.0

07/ CONFIGURING SECURITY SETTINGS

Aruba Instant Release Notes

NMS300 Network Management System Application

Cisco ASA 5500 LAB Guide

Running the Setup Web UI

NWA5120 Series. User s Guide. Quick Start Guide a/b/g/n Unified Access Point. Default Login Details. Version 2.25 Edition 1, 01/2013

ArubaOS 6.2. Quick Start Guide. Install the Controller. Initial Setup Using the WebUI Setup Wizard

Installing or Upgrading to 6.6 on a Virtual Appliance

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

WiNG 5.x How-To Guide

Configuring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent

BIG-IP TMOS : Implementations. Version

Insight Basic and Premium Mobile App and Cloud Portal User Manual

IEEE 802.1Q. Voice VLAN

WAP3205 v2. User s Guide. Quick Start Guide. Wireless N300 Access Point. Default Login Details. Version 1.00 Edition 2, 12/2012

WRE2206. User s Guide. Quick Start Guide. Wireless N300 Range Extender. Default Details. Version 1.00 Edition 1, 01/2015

Aruba Instant in AirWave 7.7

Configuring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent

HP M n Access Point Configuration and Administration Guide

IEEE 802.1Q. Voice VLAN

Wavelink Avalanche Server

CWA-854HT 54 Mbps Wireless-G High Transmission Access Point User s Guide

WRE6505 v2. User s Guide. Quick Start Guide. Wireless AC750 Range Extender. Default Login Details. Version 1.00 Edition 1, 10/2016

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Copyright Statement. Disclaimer. Copyright 2016 IP-COM Networks Co., Ltd. All rights reserved.

Cisco IP Phone Installation

Configuring DHCP. Finding Feature Information. Information About DHCP. DHCP Server. DHCP Relay Agent

Management and Configuration Guide YA/ YB.15.18

User Guide. 450Mbps/300Mbps Wireless N Access Point TL-WA901ND/TL-WA801ND REV

ProSAFE 8-Port 10-Gigabit Web Managed Switch Model XS708Ev2 User Manual

48-Port 10/100/1000BASE-T + 4-Port 100/1000BASE-X SFP Gigabit Managed Switch GS T4S

Powered by Accton. ES Port Gigabit Web-Smart Switch. Management Guide.

Chapter 1 Introduction

Barracuda Link Balancer

Upgrading from TrafficShield 3.2.X to Application Security Module 9.2.3

HPE ArubaOS-Switch Advanced Traffic Management Guide for WB.16.03

HPE ArubaOS-Switch Management and Configuration Guide for YA/ YB.16.02

ProSAFE 8-Port and 16-Port 10-Gigabit Ethernet Web Managed Switch Models XS708Ev2 and XS716E User Manual

Transcription:

Aruba Central Switch Configuration User Guide

Copyright Information Copyright 2017 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US $10.00 to: Hewlett Packard Enterprise Company Attn: General Counsel 3000 Hanover Street Palo Alto, CA 94304 USA Revision 01 November 2017 Aruba Central User Guide

Contents Contents 3 Contacting Support 5 Wired Management 6 Aruba Switches 6 Adding Switches to Central 7 Assigning Groups 7 Configuring Devices in Template Groups 7 Creating a Template Group 7 Creating a Configuration Template for Instant APs 8 Creating a Configuration Template for Aruba Switches 9 Editing a Template 10 Managing Variable Files 10 Configuring Switches in UI Groups 14 Viewing Switch Details 14 Configuring Ports 15 Configuring VLANs 16 Adding VLAN Details 16 Editing the VLAN Details 17 Deleting VLAN Details 17 Configuring Access Policies 17 Configuring DHCP Pools 18 Adding a New DHCP Pool 18 Applying Configuration Changes through CLI Snippets 19 Configuring System Parameters for a Switch 20 Aruba Switch Stack 22 Aruba Central User Guide Contents 3

Provisioning Switch Stacks in Central 22 Configuring Switch Stacks 22 Monitoring Switch Stacks 23 4 Contents Aruba Central User Guide

Contacting Support Table 1: Contact Information Main Site Support Site Airheads Social Forums and Knowledge Base North American Telephone International Telephone Software Licensing Site End-of-life Information Security Incident Response Team arubanetworks.com support.arubanetworks.com community.arubanetworks.com 1-800-943-4526 (Toll Free) 1-408-754-1200 arubanetworks.com/support-services/contact-support/ hpe.com/networking/support arubanetworks.com/support-services/end-of-life/ Site: arubanetworks.com/support-services/security-bulletins/ Email: sirt@arubanetworks.com Aruba Central User Guide Contents 5

Chapter 2 Wired Management This chapter provides an overview of the supported Aruba switches and describes the procedures for provisioning, configuring, monitoring, and troubleshooting switches from the Central UI. Aruba Switches on page 6 Adding Switches to Central on page 7 Configuring Devices in Template Groups on page 7 Configuring Switches in UI Groups on page 14 Aruba Switch Stack on page 22 Aruba Switches The Aruba switches enable secure, role-based network access for wired users and devices, independent of their location or application. The switch operates as a wired access point when deployed with an Aruba Mobility Controller. As a wired access point, users and their devices are authenticated and assigned a unique role by the Mobility Controller. These roles are applied irrespective of whether the user is a Wi-Fi client, or is connected to a port on the switch. The use of switches allows an enterprise workforce to have consistent and secure access to network resources based on the type of users, client devices, and connection method used. Supported Switch Platforms Central supports the following Aruba Switch platforms: Table 2: Supported Aruba Switches Switch Platform Aruba 2930M Switch Series Aruba 2920 Switch Series Aruba 2930F Switch Series Aruba 3810 Switch Series Aruba 5400R Switch Series Aruba 2530 Switch Series Aruba 2540 Switch Series Aruba Mobility Access Switch Series S1500-12P S1500-24P S2500-24P S3500-24T Supported Software Versions WC.16.04.0004 or later WB.16.02.0012 or later WC.16.02.0012 or later KB 16.03.0003 or later KB.16.04.0008 or later YA/YB 16.04.0008 or later YC.16.02.0012 or later ArubaOS 7.3.2.6 ArubaOS 7.4.0.3 ArubaOS 7.4.0.4 ArubaOS 7.4.0.5 Aruba Central User Guide Wired Management 6

Adding Switches to Central Central supports zero touch provisioning of the devices. It automatically retrieves the devices associated to a customer account. To synchronize the devices from the inventory, click Sync Now. If the retrieval of devices is not complete or successful due to process errors, you can manually add the devices. To manually add a device, complete the following steps: 1. From the app selector, click the Global Settings app. 2. Click Devices Inventory. The Device Inventory page opens. 3. Click Add Manual. 4. Follow the instructions described on the following table: Table 3: Adding Devices Device Addition Method Adding up to 32 devices Description 1. Enter the MAC address and serial number of the device. 2. Click Next. The list of available devices is displayed. 3. Click Add <x> Devices. NOTE: You can add up to 32 devices. The provisioning of the Aruba Mobility Access Switch fails when the provisioning process is interrupted during the initial booting and if the switch has a static IP address with no DNS server configured. During Zero Touch Provisioning, the Aruba switches can join Central only if they are running the factory default configuration, and have a valid IP address and DNS settings from a DHCP server. If the switches ship with a version lower than the minimum supported firmware version, a factory reset may be required, so that the switch can initiate a connection to Central. For information, on the minimum firmware versions supported on the switches, see Aruba Switches. Assigning Groups After the switches are added in Central, you can assign the switches to groups. Central does not support configuring switches such as Aruba 5400R Switch Series and switch stacks through the UI. These devices can only be configured using templates. Therefore, these devices are assigned to the template groups by default. Configuring Devices in Template Groups Central allows you to provision devices in UI or template groups. For devices mapped to a template group, you can create a template with a standard set of CLI scripts, configuration commands, and variables. If a group is set as a template group, the UI configuration wizards for the devices in that group are disabled. The Aruba 5400R Switch Series and switch stacks can be configured only by using the configuration templates. You can set a group as a template group, so that a common configuration is applied for all devices in the group. Creating a Template Group To create a template group, complete the following steps: 1. From the app selector on the left pane, select the Global Settings app. 7 Wired Management Aruba Central User Guide

2. Click Manage Groups. 3. Click (+) to create a new group. The Create New Group pane appears. 4. To set the group as a template group, select the Use As a Template Group check box. 5. Click Save. Creating a Configuration Template for Instant APs To create a template for the devices in a template group, complete the following steps: 1. From the app selector, click Wireless Configuration. 2. Select a template group. The template configuration menu options are displayed. 3. Click Templates. The Templates page opens. 4. Click + to add a new template. The ADD TEMPLATE page opens. 5. Add the template name. 6. Ensure that the device category is set to Instant AP. 7. Set the model and firmware version parameters to ALL. 8. Add the CLI script content. Note the following points for adding contents to the template: Ensure that the command text indentation matches the indentation in the running configuration. The commands in the template are case-sensitive. 9. Click OK. The variables configured for the Instant AP devices functioning as the VCs are replaced with the values configured at the template level. For Instant APs, the template allows only one per-ap settings block and must have the per-ap-settings %_sys_lan_ mac% variable. The per-ap-settings block uses the variables for the individual APs. The general VC configuration uses variables for master AP to generate the final configuration from the provided template. Hence, Aruba recommends that you upload all variables for all devices in a cluster and change values as required for individual AP variables. If any device in the cluster has any missing variables, the configuration push to those AP devices in the cluster fails. The audit trail for such instances shows the missing variables. Sample Template The following example shows the typical contents allowed in a template file for Instant APs: organization %org% virtual-controller-ip 1.1.1.1 syslog-level debug syslog-level warn ap-debug per-ap-settings %_sys_lan_mac% hostname %hostname% zonename %zonename% wlan ssid-profile %ssid_name% %if disable_ssid=true% disable-ssid %endif% %if ssid_security=wpa2% opmode wpa2-aes %else% opmode opensystem %endif% Aruba Central User Guide Wired Management 8

%if condition1=true% routing-profile 10.10.0.0 255.255.255.0 10.10.0.255 %if condition2=true% routing-profile 10.20.0.0 255.255.255.0 10.20.0.255 %else% routing-profile 10.30.0.0 255.255.255.0 10.30.0.255 %endif% %else% routing-profile 10.40.0.0 255.255.255.0 10.40.0.255 %if condition3=true% routing-profile 10.50.0.0 255.255.255.0 10.50.0.255 %else% routing-profile 10.60.0.0 255.255.255.0 10.60.0.255 %endif% %endif% Creating a Configuration Template for Aruba Switches To create a template for the devices in a template group, complete the following steps: 1. From the app selector, click Wired Configuration. 2. Select a template group. The template configuration menu options are displayed. 3. Click Templates. The Templates page opens. 4. Click + to add a new template. 5. Add the template name. 6. Select Aruba Switches for the device type. 7. Specify the model and the firmware version. To create a single template for all Switch platforms and firmware versions, select ALL. To create a template for a specific model and firmware version, select the Switch model and the firmware version. The template created for a specific switch model and a firmware version takes precedence over the template created for all platforms and versions. 8. Add the CLI script content. Note the following points for adding contents to the template: Ensure that the command text indentation matches the indentation in the running configuration. The commands in the template are case-sensitive. The following example illustrates the case discrepancies that the users must avoid in templates and variable definitions. trunk E1-E4 trk1 trunk interface Trk1 dhcp-snooping trust exit trunk E1-E4 trk1 trunk switch-interconnect trk1 trunk E5-E6 trk2 trunk vlan 5 name "VLAN5" untagged Trk2 tagged Trk1 isolate-list Trk1 ip igmp forcedfastleave Trk1 ip igmp blocked Trk1 ip igmp forward Trk1 forbid Trk1 9 Wired Management Aruba Central User Guide

loop-protect Trk2 trunk E1-E4 trk1 trunk trunk E4-E5 trk2 trunk spanning-tree Trk1 priority 4 spanning-tree Trk2 admin-edge-port trunk A2-A4 trk1 trunk igmp fastlearn Trk1 trunk E4-E5 trk2 trunk ip source-binding 2 4.5.6.7 b05ada-96a4a0 Trk2 [no] ip source-binding trap OutOfResources snmp-server mib hpswitchauthmib.. snmp-server mib hpicfmacsec unsecured-access.. [no] lldp config <P-PORT-LIST> dot1tlvenable.. [no] lldp config <P-PORT-LIST> medtlvenable.. no lldp config <P-PORT-LIST> medportlocation.. [no] lldp config <P-PORT-LIST> dot3tlvenable.. [no] lldp config <P-PORT-LIST> basictlvenable.. [no] lldp config <P-PORT-LIST> ipaddrenable <lldp-ip> trunk-load-balance L4-based trunk-load-balance L3-based 9. Ensure that the template contains the following mandatory information: Header that includes a few lines of the show running-config command output. Module information The following example shows the mandatory lines required in the template: ; J9727A Configuration Editor; Created on release #WB.16.03.0000x ; Ver #0e:73.b8.ee.34.79.3c.29.eb.9f.fc.f3.ff.37.ef:2f module 1 type j9727a include-credentials 10. Click OK. Editing a Template To edit or delete a template, select the template row and click the edit or delete icon, respectively. Managing Variable Files The variable files consist of a set of configuration values defined for devices in the network. For Instant APs, you can configure a variable file with a set of values defined for a specific AP device that functions as the VC in the network. When the variable file is uploaded, the configuration values are applied on the Instant AP devices in the cluster. Aruba Central User Guide Wired Management 10

The following conditions apply to the variable files: The variable names must be on the left side of condition and its value must be defined on the right side. For example, %if var=100% is supported and %if 100=var% is not supported. The < or <= or > or >= operators should have only numeric integer value on the right side. The variables used in these 4 operations are compared as integer after flooring. For example, if any float value is set as %if dpi_value > 2.8%, it is converted as %if dpi_value > 2 for comparison. The variable names should not include white space, and the & and % special characters. The variable names must match regular expression [a-za-z0-9_]. If the variables values with % are defined, ensure that the variable is surrounded by space. For example, wlan ssid-profile %ssid_name%. The first character of the variable name must be an alphabet. Numeric values are not accepted. The values defined for the variable must not include spaces. If quotes are required, they must be included as part of the variable value. For example, if the intended template and variable name is wlan ssid-profile "emp ssid, the template must be defined template as "wlan ssid-profile %ssid_name% and variable as ssid_name : "\"emp ssid\"". Predefined Variables for Aruba Switches Although all Aruba Switches can be configured by using common configuration templates, the configuration of these switches may need to change per device. Central uses the predefined variables to address the per device configuration requirements. Central parses a set of predefined variables from the running configuration of the switches and identifies these as the variables per device. All the pre-defined variables are prefixed by sys.. The following is the list of predefined variables used for configuring switches. sys_template_header_ Represents the first two lines of the configuration file. Ensure that this variable is the first line in the template. snmpv3 engineid "%_sys_snmpv3_engineid%" Populates engine ID. _sys_module_command Populates module lines. ip default-gateway _sys_gateway Populates gateway IP address. hostname _sys_hostname Maintains unique host name. _sys_oobm_command Represents Out of Band Management (OOBM) block. _sys_ip_address Indicates the IP address of the device. _sys_netmask Netmask of the device. _sys_use_dhcp DHCP status (true or false) of VLAN 1. _sys_vlan_1_untag_command Untagged ports of VLAN 1. _sys_vlan_1_tag_command Tagged ports of VLAN 1. _sys_stack_command Represents stack block. The sys_template_header_ and snmpv3 engineid "%_sys_snmpv3_engineid%" are mandatory variables that must have the values populated, irrespective of their use in the template. If there is no value set for these variables, Central re-imports the values for these mandatory variables when it processes the running configuration of the device. Example The following table provides an example for the predefined variable definitions: 11 Wired Management Aruba Central User Guide

Table 4: Predefined Variables Example Variable Name Variable Value _sys_oobm_command oobm ip address dhcp-bootp exit _sys_template_header ; J9729A Configuration Editor; Created on release #WB.16.03.0003+ ; Ver #0f:3f.f3.b8.ee.34.79.3c.29.eb.9f.fc.f3.ff.37.ef:91 _sys_hostname HP-2920-48G-POEP _sys_gateway 10.22.159.1 _sys_vlan_1_untag_command 1-28,A1-A2 _sys_ip_address 10.22.159.201 _sys_use_dhcp 0 _sys_module_command _sys_stack_command module 1 type j9729a stacking member 1 type "J9729A" mac-address 5cb901-224c00 exit _sys_vlan_1_tag_command 28-48 _sys_netmask 255.255.255.0 _sys_snmpv3_engineid 00:00:00:0b:00:00:5c:b9:01:22:4c:00 Uploading Variable Files To upload a variable file, complete the following steps: 1. Click Download Sample Variables File. Save the JSON file with the sample variables. 2. Edit the variable file to customize the definitions. 3. Ensure that the _sys_serial and _sys_lan_mac variables are defined with the serial number and MAC address of the devices, respectively. 4. Click Wireless Management > Configuration > Variables. The Variables page opens. 5. Click Upload Variables File and select the variable file to upload. 6. Click Open. The content of the variable file is displayed in the Variables table. 7. To search for a variable, specify a search term and click the Search icon. Downloading Variable Files To download the variable file applied for the devices, click the download icon in the Variables table. Aruba Central User Guide Wired Management 12

Sample Variable File The following example shows the typical contents of a variable file for Instant APs: { "CK0036968": { "_sys_serial": "CK0036968", "ssid": "s1", "_sys_lan_mac": "ac:a3:1e:c5:db:7a", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_1" }, "CJ0219729": { "_sys_serial": "CJ0219729", "ssid": "s1", "_sys_lan_mac": "ac:a3:1e:cb:04:92", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_2" }, "CK0112486": { "_sys_serial": "CK0112486", "ssid": "s1", "_sys_lan_mac": "ac:a3:1e:c8:29:76", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_3" }, "CT0779001": { "_sys_serial": "CT0779001", "ssid": "s1", "_sys_lan_mac": "84:d4:7e:c5:c6:b0", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_4" }, "CM0640401": { "_sys_serial": "CM0640401", "ssid": "s1", "_sys_lan_mac": "84:d4:7e:c4:8f:2c", 13 Wired Management Aruba Central User Guide

"vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_6" }, "CK0037015": { "_sys_serial": "CK0037015", "ssid": "s1", "_sys_lan_mac": "ac:a3:1e:c5:db:d8", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_7" }, "CK0324517": { "_sys_serial": "CK0324517", "ssid": "s1", "_sys_lan_mac": "f0:5c:19:c0:71:24", "vc_name": "test_config_ck0036968", "org": "Uber_org_test", "vc_dns_ip":"22.22.22.22", "zonename": "Uber_1", "uplinkvlan": "0", "swarmmode": "cluster", "md5_checksum": "ed8a67a3d1be58261640ca53f8fd3bb8", "hostname": "Uber_8" } } Check the audit trail to troubleshoot issues pertaining to template-based configuration. Configuring Switches in UI Groups This section describes the configuration procedures for the switches in the UI groups: Viewing Switch Details on page 14 Configuring Ports on page 15 Configuring Access Policies on page 17 Configuring VLANs on page 16 Configuring DHCP Pools on page 18 Applying Configuration Changes through CLI Snippets on page 19 Configuring System Parameters for a Switch on page 20 Viewing Switch Details You can export configurations from an existing switch to a new switch within the same group. In this case, the new configuration of the switch overwrites the existing configuration (including the device override). Aruba Central User Guide Wired Management 14

You can configure parameters of a switch through the UI. By default, these parameters have the values configured using the switch. If the switch inherits the group configuration, the configuration parameters are already defined. However, if required, you can edit these parameters. To view the configuration parameters for the switch, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. The Switches page opens and displays the following information. Table 5: Switches Pane Name MAC Address Hostname IP Assignment IP Address Netmask Default Gateway Description MAC address of the switch. Name of the host. Method of IP assignment as static or DHCP. IP address for static IP assignment. Netmask for static IP assignment. Default gateway for static IP assignment. 3. To view the details of the switch, click the MAC address of the switch. 4. To edit the switch configuration parameters, click the edit icon. Configuring Ports To view the port details of a switch, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. To configure a Mobility Access Switch, click Switch-MAS. To configure other Aruba switches, click Switch-Aruba. 3. Click Ports. The Ports page displays the list of ports configured on the switch. For the Aruba Mobility Access Switches, the Ports page displays the following information: Table 6: Ports Page Mobility Access Switches Name Port Number Admin Status Port Mode VLAN Description Indicates the number assigned to the switch port. Indicates the operational status of the port. Indicates the mode of operation. The port can be configured to function in Trunk or Access mode. Shows the VLAN to which the port is assigned. Based on the port mode, you can assign different types of VLAN. For Access mode, an Access VLAN can be specified. For Trunk mode, the Native VLAN and Allowed VLAN can be configured. 15 Wired Management Aruba Central User Guide

Name Power over Ethernet Auto Negotiation Speed/Duplex Trusted Description Displays the enabled or disabled status of Power over Ethernet (PoE). Indicates the status of the Auto Negotiation. If auto negotiation is enabled, the Speed and Duplex fields are automatically set to Auto. If auto negotiation is disabled, the speed can be set to 10 Mbps, 100 Mbps, or 1 Gbps and the duplex mode can be set to half or full. Displays the speed and duplex configuration settings for the client traffic. Indicates if the port is trusted. For the other Aruba switches, the Ports page displays the following information: Table 7: Ports Page Aruba Switches Name Port Number Admin Status Power over Ethernet Description Indicates the number assigned to the switch port. Indicates the operational status of the port. Displays the enabled or disabled status of Power over Ethernet (PoE). Access Policy (In) Allows you to apply an existing access policy for the inbound traffic on the port. Access Policy (Out) Allows you to apply an existing access policy for the outbound traffic on the port. 4. To edit port details, click Edit, and configure the port parameters. 5. Click Save. Configuring VLANs The Aruba switches support the following types of VLANs: Port-based VLANs In the case of trusted interfaces, all untagged traffic is assigned a VLAN based on the incoming port. Tag-based VLANs In the case of trusted interfaces, all tagged traffic is assigned a VLAN based on the incoming tag. The Aruba Mobility Access Switch also supports the following types of VLANs. Voice VLANs You can use voice VLANs to separate voice traffic from data traffic when the voice and data traffic are carried over the same Ethernet link. MAC-based VLANs In the case of untrusted interfaces, you can associate a client to a VLAN based on the source MAC of the packet. Based on the MAC, you can assign a role to the user after authentication. Adding VLAN Details By default, all the ports in the Switches are assigned to VLAN 1. However, if the ports are assigned to different Aruba Central User Guide Wired Management 16

VLANs, the VLANs page displays these details. To add a VLAN, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. To configure a Mobility Access Switch, click Switch-MAS. To configure other Aruba switches, click Switch-Aruba. 3. Click VLANs. The VLANs page is displayed. 4. Click + to add a VLAN. The Add VLAN window opens. 5. Configure the following parameters: ID The VLAN ID. Description A short description for VLAN. IP Address IP address of the VLAN interface. Netmask Netmask of the IP address of the VLAN interface. DHCP Slider for enabling DHCP pool associated with the VLAN. Access Policy (In) Access policy assignment to VLAN for the inbound traffic (vlan-in). The VLAN- IN rule is applied for the bridged and routed inbound packets on a VLAN. VLAN Port Mode Port mode to apply on the VLAN. To apply a port, complete the following steps: a. Select the port number. b. Select any of the following port modes: Tagged Ports Tagged ports if any. A tagged port will normally carry traffic for multiple VLANs from the switch to other network devices such as an upstream router or an edge switch. Untagged Ports Untagged ports if any. In case of untagged ports, the Ethernet frames are not VLAN tagged. c. Click Apply. 6. Click OK. Editing the VLAN Details To edit the VLAN details, select the VLAN row and click the edit icon. Deleting VLAN Details To delete the VLAN details, complete the following steps: 1. Ensure that the VLANs are not tagged to any ports. 2. Click the delete icon for the VLAN you want to delete. VLAN 1 is the primary VLAN and cannot be deleted. Configuring Access Policies To restrict certain types of traffic on physical ports of Aruba switches, you can configure ACLs from the Central UI. To create an access policy, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. 17 Wired Management Aruba Central User Guide

3. Click Switch-Aruba> Security. The Security page opens. Central does not support access policy configuration on Aruba Mobility Access Switches. 4. Click +. The New Access Policy pop-up opens. 5. Enter a name for the policy. 6. To add a rule to the access policy, click + under Rules, and configure the following parameters: a. Source Select a source of the traffic for which you want to an access rule. b. Destination Select a destination port. c. Protocol Select the type of network port or protocol. d. Action Allow or deny access as required. 7. Click Ok. The access policies must be applied to a Switch port and the VLAN assigned to a port. For more information on, access policy assignment to ports and VLANs, see the following topics: Configuring Ports on page 15 Configuring VLANs on page 16 Configuring DHCP Pools To configure a new DHCP pool on a switch, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. To configure a DHCP pool on a Mobility Access Switch, click Switch-MAS > DHCP Pools. To configure a DHCP pool on other Aruba switches, click Switch-Aruba > DHCP Pools. Central does not support DHCP pool configuration on Aruba 2530 Switch Series. If any of the devices is running a lower version, a warning message is displayed, and the DHCP configuration changes are pushed only to the devices that support the DHCP. If the devices are upgraded to a supported version or moved out of the group, the warning message will not be displayed. 3. To activate the DHCP service, select the Enable DHCP service check box. The DHCP service can be enabled only if there is a valid DHCP pool. 4. To edit the DHCP pool details, click the edit icon. 5. To delete a DHCP pool, click the delete icon. When the Do you want to delete <DHCP Pool Name>? pop-up window prompts you, click Yes. Adding a New DHCP Pool 1. To add a new DHCP pool, click New and configure the following parameters: Name Name of the pool. Network A valid network IP address to assigned to the DHCP pool. Netmask Netmask of the DHCP pool. Lease Time The lease time for the DHCP pool in days-hours-minutes format. You can set a maximum value of 365 days 23 hours and 59 minutes in the DD-HH-MM format. Default Router IP address of the default router in the subnet. You can add up to 8 IP addresses. Aruba Central User Guide Wired Management 18

DNS Server Address of the DNS server. To add multiple DNS servers, click +. You can add up to 8 DNS servers. WINS Server Address of the WINS server. The WINS server address is required only for the Mobility Access Switches. To add multiple WINS servers, click +. Netbios server Address of the Netbios server. The Netbios server address configuration is not required for Mobility Access Switches. To add multiple WINS servers, click +. You can add up to 8 Netbios servers. IP address Range IP address range within the network and network mask combination. Exclude Address Range IP address range to exclude. This field is available only for the Mobility Access Switches. To add multiple excluded address range, click +. Option The code and type of the DHCP option to configure. A value within the range of 2-254 with type as hexadecimal and ASCII is valid. Value The value to assign to the DHCP option. To add multiple values, click +. 2. Click Add. Applying Configuration Changes through CLI Snippets Central allows you to modify switch configuration through the UI menu options. However, if certain parameters are not available for configuration in the UI, Aruba recommends that you use CLI snippets to push configuration changes to switches. You can apply configuration changes from CLI snippets to an individual switch or for switches provisioned in a UI or template group. Central does not support CLI snippets for Aruba Mobility Access Switches. Central supports variable definitions in CLI snippets only for the switches provisioned in a template group. You can also use the CLI snippets to override the variable definitions for each device in a template group. Adding CLI Snippets for Template Groups To add a CLI snippet to devices in a template group, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a template group. The template configuration menu options are displayed. 3. Click Advanced Settings. To apply the configuration changes to a specific switch model or firmware version, select the desired values for Model and Version. To apply the configuration changes to all Switches provisioned in the template group, select All for Model and Version. 4. Paste the CLI snippet. 5. The configuration in the CLI snippet is applied to the devices matching the selected criteria. The variables in the CLI snippet are applied to the configuration templates. Adding CLI Snippets to Switches Provisioned in UI Groups You can apply a CLI snippet to a switch both at the group and device levels. To push configuration changes through the CLI snippet, complete the following steps: 1. From the app selector, click Wired Management. 19 Wired Management Aruba Central User Guide

2. From the group selector, select a UI group. The configuration menu options are for the UI groups are displayed. 3. Click Advanced Settings. To apply the configuration changes to a specific switch model or firmware version, select the desired values for Model and Version. To apply the configuration changes to all Switches provisioned in the template group, select All for Model and Version. 4. Paste the CLI snippet. 5. Ensure that the CLI snippet does not include variable definitions. 6. Click Save. The configuration changes are added to the devices matching the selected criteria. Configuring System Parameters for a Switch The System menu under Switch-MAS and Switch-Aruba allows you to configure administrator credentials and enable mode for the switch users. Configuring Administrator Credentials for Mobility Access Switch To configure administrator credentials for a Mobility Access Switch, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. 3. Click Switch-MAS > System. The System page opens. 4. Enter the password for admin in the Admin Password text box and confirm the administrator password. 5. Enter the password for enable mode in the Enable Mode Password text box and confirm the password. 6. Click Save Settings. Configuring Administrator and Operator Credentials for Other Aruba Switches To configure administrator credentials for other Aruba switches, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. 3. Enter the username for the administrator user. 4. Enter the password for admin in the Admin Password text box and confirm the administrator password. 5. Enter the password for enable mode in the Enable Mode Password text box and confirm the password. 6. To configure the operator user credentials, complete the following steps: 7. Select the Set Operator Username check box. 8. Enter a username and password for the operator user. 9. Confirm the password. 10. Click Save Settings. Aruba Central User Guide Wired Management 20

Configuring a Name Server To set a static IP switches, you must configure a name server. To configure a name server, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select a group or a device. The switch configuration options are displayed. For Aruba Mobility Access Switches, click Switch-MAS. To configure other Aruba switches, click Switch-Aruba. 3. Enter the IP address of the name server obtained from the DNS server in the Name Server text box. 4. Click Save Settings. 21 Wired Management Aruba Central User Guide

Aruba Switch Stack The Aruba 2920 Switch Series devices support stacking. A switch stack is a set of switches that are interconnected through stacking ports. In a switch stack, the switches in the same subnet are configured to use a single IP address. The switches in a stack elect a primary member called commander and the remaining switches in the stack function as secondary members. A maximum of four Aruba Switches can be used for forming a switch stack. For more information on topology and configuration of switch stacks, see HPE ArubaOS-Switch Management and Configuration Guide for Aruba 2920 Switch Series. Provisioning Switch Stacks in Central Central supports management of Aruba 2920 switch stacks running WB.16.04.0008 or later. The switch elected as the commander establishes a WebSocket connection to Central. The following criteria apply to provisioning and management of switch stacks in Central. Switch stacks can be added only to a template group and cannot be moved to a UI group. If the standalone switches in a group join to form a switch stack, the switch is moved to the Unprovisioned state. If a switch stack is moved from a pre-provisioned group to an existing group in the UI, it will be moved to Unprovisioned state. After forming a switch stack, you can remove a member and erase its stacking configuration. However, the member can join Central as a standalone switch only after it is deleted from the switch stack. Configuring Switch Stacks The switch stacks are provisioned under template groups in Central. The template groups allow you to configure and modify the settings of a switch stack using configuration templates. When uploading a configuring template, ensure that the variables are uploaded for all the members of the stack. The template is applied with the variables of the member that is elected as the commander. To create a configuration template for switch stack, complete the following steps: 1. From the app selector, click Wired Management. 2. From the group selector, select template group to which the switch stack is assigned. The menu options for configuring devices in the template groups are displayed. 3. Click Templates. The Templates page opens. 4. Click + to create a template for the Aruba switch stack. 5. Specify a name for the template. 6. Select Aruba Switch from the Device drop-down list. 7. Select the Aruba Switch model in the Model drop-down list. 8. Select the Aruba Switch software version in the Version drop-down list. 9. Enter the template text in the Template box. 10. Click Save. Central does not support the use of part number (J-number) in place of Switch model number in configuration templates for the Aruba switch stack. Aruba Central User Guide Wired Management 22

The following pre-defined variables are refreshed and re-imported from a switch stack when a new stack member is added or removed, or when a failover occurs. _sys_template_header _sys_module_command _sys_stack_command _sys_oobm_command _sys_vlan_1_untag_command _sys_vlan_1_tag_command Monitoring Switch Stacks Stacks The Monitoring > Switches page displays the status and usage of all switches and switch stacks provisioned in Central. To view information pertaining to switch stacks, on the Switches page, click the List tab and select the Stacks option. The following table describes the information displayed on the Stacks page: Table 8: Stacks Page Stacks Pane Content Name Location Group Clients IP Address Description Displays the name of the switch stack. A green bullet preceding the stack name indicates that it is UP. A red bullet indicates that the stack is DOWN. Displays the location of the switch stack. Displays a list of switch stacks sorted based on maximum usage. It also shows the data traffic transmitted (Tx) and received (Rx) from clients. Displays the number of clients connected to the switch stack. Displays the IP address of the switch stack. Stack Details To view the details of the switch stack, select Monitoring > Switches > List > Stacks pane and click the stack for which you want to view the details. The Stack Details page opens. 23 Wired Management Aruba Central User Guide

The following table describes the contents of Stack Details page: Table 9: Stack Details Page Data Pane Content Status Uptime Individual stack members Ports Uplink Description Indicates the operational status of the switch stack. Indicates the time since which the switch stack is operational. Indicates the number of switches forming the switch stack (categorized as member, commander, and standby) Displays the following details of the switch ports: Graphs Throughput Aggregate client data traffic detected on the switch stack Connected Clients Number of clients connected to the switch stack Table column headers Port# Port number Oper Stat Operational status of the switch stack PoE PoE status of the port Type Type of switch stack port Mode Operational mode of the port Tx Usage Client data transmission details Rx Usage Data traffic received from the clients connected to the port Trusted Ports marked as trusted. Displays the Uplink Stats graph. The graph displays the uplink statistics for the inbound and outbound data traffic. Aruba Central User Guide Wired Management 24

Table 9: Stack Details Page Data Pane Content Info Alerts and Event logs Map Description Displays the following details for the switch stack: Stack Details Stack Name Name of the switch stack Split Policy Details on how the stack is split Stack Status Shows if the switch stack is active or not Member Count Shows number of members on the switch stack Topology Type of switch stack topology Member Details Member Serial Number Serial number of member switch. Member ID Member identification number Member Status Status of the member Serial Number Serial number of the switch stack Public IP The public IP address of the switch stack Management IP Management IP address of the switch stack MAC address MAC address of the switch stack Power Consumption Power drawn from the switch stack in watts (W). CPU (graph) percentage of CPU utilization with pointer to Green, Amber, or Red portion of the graph. Uplink Ports Displays the uplink statistics of ports Member Role Displays member role Switch Model Type Hardware model of the switch stack Firmware Version Firmware version of the switch stack Fan Speed Fan speed of the switch stack. For the other switches, the Fan Speed field shows Ok to indicate that the fan speed is fine. Group Name Name of the group to which switch is assigned Location Location in which the switch stack is installed Memory (graph) Percentage of memory utilization with an indicator to Green, Amber, or Red portion of the graph Displays the alerts details and event log generated for this switch stack. Alerts table Shows Date/Time at which alert is generated and the description for the alert Event Log table Shows Date/Time at which the event occurred and a description of the event Displays the geographical location of the switch stack. 25 Wired Management Aruba Central User Guide

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback